CVE-2025-7069

Опубликовано: 04 июл. 2025

Источник: redhat

CVSS3: 3.3

Описание

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

A flaw was found in HDF5. The H5FS__sect_link_size function in src/H5FSsection.c contains a heap-based buffer overflow resulting from improper bounds checking during data manipulation. This vulnerability allows a local attacker to trigger this overflow via a crafted file, possibly leading to an application-level denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux AI (RHEL AI)	hdf5	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2376482hdf5: HDF5 Heap Overflow

3.3 Low

CVSS3

Связанные уязвимости

CVE-2025-7069

CVSS3: 3.3

ubuntu

30 дней назад

CVE-2025-7069

CVSS3: 3.3

nvd

30 дней назад

CVE-2025-7069

CVSS3: 3.3

debian

30 дней назад

A vulnerability, which was classified as problematic, was found in HDF ...

GHSA-8qx3-g6mx-gvp7

CVSS3: 3.3

github

30 дней назад

BDU:2025-08164

CVSS3: 3.3

fstec

около 1 месяца назад

Уязвимость функции H5FS__sect_link_size() (src/H5FSsection.c) библиотеки HDF5, позволяющая нарушителю вызвать отказ в обслуживании

3.3 Low

CVSS3